This disclosure relates to detecting and preventing intrusion into a software application, and auditing of the software application, and more specifically, to monitoring an application that runs in a process virtual machine.
Generally, a virtual machine (VM) is software that emulates a machine, i.e., a computer. Virtual machines may be classified as system or process VMs. The virtualization software of a system VM is sometimes referred to as a hypervisor or virtual machine monitor. A system VM emulates the complete hardware environment of a particular computer, including its instruction set architecture (ISA). One or more guest operating systems (OS) may run on a system VM, and various programs may run on each guest operating system running on the system VM.
On the other hand, the virtualization software of a process VM emulates an application program environment. A process VM is sometimes referred to as an application virtual machine or a managed runtime environment. A process VM runs as an application on a host OS. Applications can be written to run in the environment provided by a process VM and one or more programming languages may be designed for use with a particular process VM. A process VM may provide application binary interfaces and application programming interfaces for use by the application. A process VM generally enables an application to run on different types of hardware without modification. A process VM may be vulnerable to unauthorized accesses that could result in a release of secure data. A process VM is the type of VM in which the embodiments described in the Detailed Description may be implemented.